Netgate Discussion Forum

    Firewall Rules possible bug?

    1.2.1-RC Snapshot Feedback and Problems-RETIRED
      galaxy60

      Hi, I have just set up my third pfSense box and I am trying 1.21 this time. My setup consists of the following:
      WAN   192.168.1.100/24
      LAN   160.220.200.254/24
      OPT1  192.168.3.254/24
      OPT2  192.168.4.254/24

      My problem is I have created firewall rules on OPT1 & OPT2 to stop anyone from accessing the LAN using protocol any and block LAN address, which works great. However, I also need to block OPT2 from accessing OPT1. As soon as I add an identical rule with block OPT1 address and apply the settings, I am still able to access OPT1; this also cancels the first rule, allowing you to also gain access to the LAN.

      I have rebooted the unit, reinstalled and started from scratch to no effect. Is this a configuration issue / limitation or a possible bug?

      Cheers  ???

        Perry

        Try Diagnostics -> States -> Reset state
        It's easier to help if you post your rules (Screengrab, a Firefox addon).

        /Perry
        doc.pfsense.org

          galaxy60

          Hi, thanks for the reply. I have now reset the states and it has had no effect at all. I have also deleted the rules and recreated them, complete with a restart :-[

          I will attach a screenshot later with the two firewall rules.

          Cheers,

            galaxy60

            Hi, I have attached a screenshot of the rule that is blocking access from OPT2 (Guests) onto my LAN. I also have an identical rule created that is blocking access to OPT1 (LAN2). Either rule created on its own works and blocks the defined network; when both are created and activated, you are then able to access both my LAN and LAN2.

            cheers, ???

            BlockLan.JPG

              Perry

              You want to block the LAN subnet and not the LAN address.
              http://doc.m0n0.ch/handbook-single/#id11642030

              /Perry
              doc.pfsense.org

                galaxy60

                Got it all working, cheers Perry. I have attached a screenshot of the rules.

                ;D

                01.jpg

                  GruensFroeschli

                  You could also create an alias which contains both your LAN1 and LAN2.
                  Then use this alias in your second rule (allow anything whose destination is NOT the alias).

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
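
The difference between "LAN address" and "LAN subnet" discussed in this thread, and the alias variant suggested in the last post, shown as an added example (not written by any poster here and not pfSense code). It models top-down, first-match rule evaluation on the OPT2 interface with a default deny; the trailing pass-any rule, the probe hosts and all function names are assumptions made for the illustration.

```python
import ipaddress as ip

# Interface values from the first post. "address" is only the firewall's own
# IP on that interface (/32); "subnet" is the whole network behind it (/24).
LAN_ADDR = ip.ip_network("160.220.200.254/32")
LAN_NET = ip.ip_network("160.220.200.0/24")
OPT1_ADDR = ip.ip_network("192.168.3.254/32")
OPT1_NET = ip.ip_network("192.168.3.0/24")
ANY = ip.ip_network("0.0.0.0/0")

def rule(action, dests, negate=False):
    """One rule on OPT2: action, destination networks, optional NOT."""
    return {"action": action, "dests": dests, "negate": negate}

def evaluate(rules, dst):
    """First matching rule wins; traffic matching no rule is blocked."""
    addr = ip.ip_address(dst)
    for r in rules:
        in_dests = any(addr in net for net in r["dests"])
        if in_dests != r["negate"]:      # NOT inverts the destination match
            return r["action"]
    return "block"

# Rules as first created: only the two firewall interface IPs are blocked.
ADDRESS_RULES = [rule("block", [LAN_ADDR]), rule("block", [OPT1_ADDR]),
                 rule("pass", [ANY])]     # assumed allow rule below the blocks
# Rules after the fix: whole subnets are blocked.
SUBNET_RULES = [rule("block", [LAN_NET]), rule("block", [OPT1_NET]),
                rule("pass", [ANY])]
# Alias variant: one pass rule, destination NOT (LAN1 + LAN2 alias).
ALIAS_RULES = [rule("pass", [LAN_NET, OPT1_NET], negate=True)]

# Constructed probe destinations (hosts are hypothetical).
PROBES = {"lan_fw_ip": "160.220.200.254", "lan_host": "160.220.200.10",
          "opt1_host": "192.168.3.20", "internet": "203.0.113.5"}

def verdicts(rules):
    """Verdict for each probe destination, as seen from a client on OPT2."""
    return {name: evaluate(rules, dst) for name, dst in PROBES.items()}

if __name__ == "__main__":
    for label, rules in (("address", ADDRESS_RULES), ("subnet", SUBNET_RULES),
                         ("alias", ALIAS_RULES)):
        print(f"{label:8}", verdicts(rules))
```

With the address rules, only the firewall's own LAN IP is blocked and hosts behind it remain reachable; the subnet and alias rule sets give identical verdicts.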

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.